-
其它链接及资源

-
漏洞信息

漏洞名称:ULTRIX /usr/bin/mail漏洞

紧急程度:中危

漏洞类型:未知

发布日期:1991-08-23 00:00:00

更新日期:2005-10-20 00:00:00

攻击路径:本地

详细介绍:

DEC ULTRIX 4.2之前版本中的/usr/bin/mail存在漏洞。本地用户可以借助该漏洞提升特权。

-
公告与补丁

Digital has corrected the identified code as of ULTRIX Version 4.2 (released May 1991). Digital recommends strongly that you upgrade to ULTRIX Version 4.2 immediately to avoid any potential vulnerability to your system via this problem. For those of you who are unable to upgrade at this time, installing the ULTRIX Version 4.2 mail file on your V4.1 system will correct this problem. ULTRIX Version 4.2 of /usr/bin/mail has not been shown to be compatible with versions of ULTRIX previous to ULTRIX version 4.1; upgrading to ULTRIX V4.2 or upgrading to ULTRIX V4.1 and using the ULTRIX 4.2 /usr/bin/mail program is required to correct this problem. Use one of the procedures below to update an ULTRIX Version 4.1 system: - Procedure (1) describes the process to extract the /usr/bin/mail binary from the ULTRIX Version 4.2 MUP subset. - Procedure (2) provides the commands to install the ULTRIX Version 4.2 /usr/bin/mail binary from another of your system(s) where possible. - Both the VAX (DECsystem) and DEC RISC (DECstation) versions of the ULTRIX Version 4.2 /usr/bin/mail binary, may be obtained by contacting your Digital Services Support Organization. - ------------------------------------------------------------------------------ - (1) This procedure will replace your existing /usr/bin/mail binary using the /usr/bin/mail binary from the ULTRIX Version 4.2 MUP distribution. The procedure below describes the method to extract the binary from the tape media. NOTE: Setting the environment to single user mode will prevent possible disruption of the mail services. - ------------------------------------------------------------------------------ - To update an ULTRIX Version 4.1 system, you must first obtain the ULTRIX Version 4.2 binary of /usr/bin/mail for your computer's architecture from your ULTRIX Version 4.2 distribution tapes. LOAD THE ULTRIX MANDATORY UPGRADE TAPE ON YOUR ULTRIX Version 4.1 SYSTEM. ( Note: UDTBASE421 will provide the RISC base upgrade, ULTBASE421 will) ( provide the VAX base upgrade mail file. Substitute as necessary for) ( your architecture. ) ( ISSUE THE FOLLOWING COMMANDS FROM YOUR ULTRIX Version 4.1 SYSTEM ) ( BECOME ROOT - YOU MUST HAVE PRIVILEGES TO MAKE THIS UPDATE. ) % su (cd TO SOME DIRECTORY THAT YOU CAN PUT THE FILE IN TEMPORARILY, e.g. cd /tmp) # cd /tmp (NOTE: YOU WILL NEED APPROXIMATELY 2 MB of DISK SPACE ) # mkdir ./usr # mkdir ./usr/etc # mkdir ./usr/etc/subsets # setld -x /dev/nrmt0h {UDTBASE421 or ULTBASE421} ( LIST THE SUBSET, CREATE THE FILE UDTBASE421 or ULTBASE0421, THEN EXTRACT ) ( THE MAIL FILE /usr/bin/mail {NOTE} THIS EXAMPLE USES THE "RISC" SUBSET ) # ls # mv UDTBASE421 UDTBASE421.Z # zcat UDTBASE421.Z | tar xvf - ./usr/bin/mail ( MOVE THE ULTRIX V4.2 BINARY TO /usr/bin/mail CHANGE PROTECTION, OWNER etc.) # cd /usr/bin # mv mail mail.old # chmod 600 mail.old # mv /tmp/usr/bin/mail . # chown root mail # chgrp kmem mail # chmod 6755 mail

- ------------------------------------------------------------------------------ - (2) To update the /usr/bin/mail binary from an existing V4.2 (similar platform (VAX or RISC)) remote node, copy the file to your system and store it in a temporary location (e.g., - /tmp/mail). The procedure below provides an example using DECnet. Use the copy command that fits your environment to copy the /usr/bin/mail binary from a remote node to the /tmp directory on your local system. NOTE: Setting the environment to single user mode will prevent possible disruption of the mail services. - ------------------------------------------------------------------------------ - % dcp -iv {remote-nodename}/{username}/{password}::'/usr/bin/mail' '/tmp/mail' ( ISSUE THE FOLLOWING COMMANDS FROM YOUR ULTRIX Version 4.1 SYSTEM ) ( BECOME ROOT - YOU MUST HAVE PRIVILEGES TO MAKE THIS UPDATE. ) % su # cd /usr/bin # mv mail mail.old # chmod 600 mail.old ( MOVE THE ULTRIX V4.2 BINARY TO /usr/bin/mail CHANGE PROTECTION, OWNER etc.)

-
受影响的程序版本

-
漏洞讨论

A potential security vulnerability has been identified in ULTRIX Version 4.1 where, under certain circumstances, user privileges can be expanded via /usr/bin/mail. This problem applies to both the VAX and DEC RISC (i.e. DECsystem and DECstation ) architectures.

-
漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

-
解决方案

Digital has corrected the identified code as of ULTRIX Version 4.2
(released May 1991). Digital recommends strongly that you upgrade to
ULTRIX Version 4.2 immediately to avoid any potential vulnerability
to your system via this problem. For those of you who are unable to
upgrade at this time, installing the ULTRIX Version 4.2 mail file on
your V4.1 system will correct this problem.

ULTRIX Version 4.2 of /usr/bin/mail has not been shown to be
compatible with versions of ULTRIX previous to ULTRIX version 4.1;
upgrading to ULTRIX V4.2 or upgrading to ULTRIX V4.1 and using the
ULTRIX 4.2 /usr/bin/mail program is required to correct this
problem.

Use one of the procedures below to update an ULTRIX Version 4.1 system:

- Procedure (1) describes the process to extract the
/usr/bin/mail binary from the ULTRIX Version 4.2 MUP subset.

- Procedure (2) provides the commands to install the
ULTRIX Version 4.2 /usr/bin/mail binary from another of your
system(s) where possible.

- Both the VAX (DECsystem) and DEC RISC (DECstation)
versions of the ULTRIX Version 4.2 /usr/bin/mail binary,
may be obtained by contacting your Digital Services Support
Organization.

(1) This procedure will replace your existing /usr/bin/mail binary using
the /usr/bin/mail binary from the ULTRIX Version 4.2 MUP distribution.
The procedure below describes the method to extract the binary from
the tape media.

NOTE:

Setting the environment to single user mode will prevent possible
disruption of the mail services.
- ------------------------------------------------------------------------------
-

To update an ULTRIX Version 4.1 system, you must first obtain the
ULTRIX Version 4.2 binary of /usr/bin/mail for your computer's
architecture from your ULTRIX Version 4.2 distribution tapes.

- ------------------------------------------------------------------------------
-
(2) To update the /usr/bin/mail binary from an existing V4.2
(similar platform (VAX or RISC)) remote node, copy the
file to your system and store it in a temporary location
(e.g., - /tmp/mail).
The procedure below provides an example using DECnet. Use the
copy command that fits your environment to copy the /usr/bin/mail
binary from a remote node to the /tmp directory on your local
system.

NOTE:

Setting the environment to single user mode will prevent possible
disruption of the mail services.
- ------------------------------------------------------------------------------
-